#!/bin/bash
#################################################
# File Name: optimize-init_sys.sh
# Author: Energy
# Mail: admin@znix.top
# Function: system optimize scripts
#################################################
#optimization linux system
. /etc/init.d/functions
#change system directory: create seripts/software directory
function change_dir(){
ShellDir="/server/scripts"
SoftwareDir="/server/tools"
mkdir -p $ShellDir &&\
mkdir -p $SoftwareDir
}
# input info verify
function info_verify(){
read -p "Please make sure the information you entered (yes|no): " info
case "$info" in
y*|Y*)
continue
;;
n*|N*)
exit 1
;;
esac
}
#change system hostname
function change_hostname(){
read -p "Please input hostname: " HostName
info_verify
hostname $HostName &&\
sed -i "2s/=.*$/=$HostName/g" /etc/sysconfig/network &&\
chk_hosts=$(grep -o "\b$HostName\b" /etc/hosts)
get_ip=$(ifconfig eth0|awk -F "[ :]+" 'NR==2 {print $4}')
if [ -z $chk_hosts ]
then
echo "$get_ip $HostName" >>/etc/hosts
else
continue
fi
}
#boot system optimize: setup chkconfig
function change_chkconfig(){
Boot_options="$1"
for boots in `chkconfig --list|grep "3:on"|awk '{print $1}'|grep -vE "$Boot_options"`
do
chkconfig $boots off
done
}
#setup system optimize: setup ulimit
function change_ulimit(){
grep "* - nofile 65535" /etc/security/limits.conf >/dev/null 2>&1
if [ $? -ne 0 ]
then
echo '* - nofile 65535' >>/etc/security/limits.conf
fi
}
#setup system optimize: setup sysctl
function change_sysctl(){
cat /tmp/sysctl.conf >/etc/sysctl.conf &&\
modprobe bridge &>/dev/null &&\
sysctl -p &>/dev/null
}
#sshd software optimize: change sshd_conf
function change_sshdfile(){
SSH_Port="port 22"
SSH_ListenAddress=$(ifconfig eth0|awk -F "[ :]+" 'NR==2 {print $4}')
SSH_PermitRootLogin="PermitRootLogin no"
SSH_PermitEmptyPassword="PermitEmptyPasswords no"
SSH_GSSAPI="GSSAPIAuthentication no"
SSH_DNS="useDNS no"
#sed -i -e "13s/.*/$SSH_Port/g" /etc/ssh/sshd_config
#sed -i -e "15s/.*/ListenAddress $SSH_ListenAddress/g" /etc/ssh/sshd_config
#sed -i -e "42s/.*/$SSH_PermitRootLogin/g" /etc/ssh/sshd_config
#sed -i -e "65s/.*/$SSH_PermitEmptyPassword/g" /etc/ssh/sshd_config
sed -i -e "81s/.*/$SSH_GSSAPI/g" /etc/ssh/sshd_config
sed -i -e "122s/.*/$SSH_DNS/g" /etc/ssh/sshd_config
}
#selinux software optimize: change disable
function change_selinux(){
sed -i 's#SELINUX=.*#SELINUX=disabled#g' /etc/selinux/config &&\
setenforce 0
}
#firewall software optimize: change stop
function change_firewall(){
/etc/init.d/iptables stop >/dev/null 2>&1
}
#crond software optimize: time synchronization
function change_update(){
grep -i "#crond-id-001" /var/spool/cron/root >/dev/null 2>&1
if [ $? -ne 0 ]
then
echo '#crond-id-001:time sync by hq' >>/var/spool/cron/root
echo "*/5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1">>/var/spool/cron/root
fi
}
#update yum info
function update_yum(){
wget -q -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-6.repo
wget -q -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
}
#change profile file info
function change_profile(){
grep "PS1" /etc/profile >>/dev/null 2>&1
if [ $? -ne 0 ]
then
echo "PS1='\[\e[32;1m\][\u@\h \W]\\$ \[\e[0m\]'" >>/etc/profile
fi
grep "alias grep" /etc/profile >>/dev/null 2>&1
if [ $? -ne 0 ]
then
echo "alias grep='grep --color=auto'" >>/etc/profile
echo "alias ll='ls -l --color=auto --time-style=long-iso'" >>/etc/profile
fi
source /etc/profile
}
function main(){
change_dir
change_hostname
change_chkconfig "crond|network|rsyslog|sshd|sysstat"
change_ulimit
change_sysctl
change_sshdfile
change_selinux
change_firewall
change_update
update_yum
change_profile
}
main
action "system optimize complete" /bin/true
浙公网安备 33010602011771号